About Me
I'm a PhD candidate at MESL of UCSD CSE, advised by Rajesh K. Gupta and Earlence Fernandes. I obtained my bachelor's degree in Electrical and Computer Engineering at Shanghai Jiaotong University.
My research interests span widely, including CPS-IoT (smart buildings in particular), security, privacy, and applied cryptography. I have made it my mission to help the general public embrace the utility and productivity of evolving technologies such as AI and smart hardware without having to worry about security, privacy, and safety issues, including but not limited to ubiquitous surveillance, personal information leakage, and data misuse.
News:
- Our work Imprompter and Fun-tuning were both referenced by Google Gemini's security report as evidence of prompt injection attacks in the wild against LLM systems!
- Google Gemini has patched their fine-tuning interface against our Fun-tuning attack, which was covered by Ars Technica and Android Authority.
- Imprompter is covered by WIRED and acknowledged by Mistral AI (9-13-2024)!
Selected Research
Fun-tuning: Characterizing the Vulnerability of Proprietary LLMs to Optimization-based Prompt Injection Attacks via the Fine-Tuning Interface
Attackers can leverage loss-like information from remote fine-tuning interfaces to compute adversarial prompts, compromising the security of closed-weight Large Language Models.
Misusing Tools in Large Language Models With Adversarial Examples
LLMs are being enhanced with the ability to use tools and to process multiple modalities (and to act as agents). These new capabilities bring new benefits and also new security risks. In this line of work, we show a novel threat model in which an attacker can use automatically generated adversarial examples to cause attacker-desired tool usage. For example, the attacker could cause a victim LLM to delete calendar events, leak private conversations, and book hotels.
Smart Building and Sensing
Recent advances in Cyber-Physical Systems (CPS) and the Artificial Intelligence of Things (AIoT) have brought significant productivity and utility enhancements across all walks of life. However, safety and security concerns and usability challenges have hindered the wide adoption of AI-powered smart "things" in large-scale real-world systems. My research aims to close this gap by enabling secure and safe interaction with Cyber-Physical Systems in a user-friendly manner. Smart commercial b ...
Context-Aware, Continuous Authentication Using Biometrics & Fuzzy Extractors
In our work, we deviate from the status quo and show how users can authenticate themselves using biometrics whilst. We utilize primitives from cryptography -- namely fuzzy extractors -- to ensure that there is no requirement to perform template matching (of a template stored in the clear) on trusted hardware.
Improving gVisor Memory Subsystem Performance
In this project, we analyzed the performance of the gVisor memory management subsystem, starting by benchmarking malloc and ending up focusing on mmap. We further profiled mmap performance within gVisor and identified its bottlenecks. We proposed an optimization to the search for free pages in gVisor's virtual address space (from O(N) to O(log N)). This optimization patch has been merged into production.
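The paragraph above gives only the complexity bound of the free-range search. The Go program below is added here as an illustration and is not gVisor's own code: it contrasts an O(N) linear scan of the free gaps with an O(log N) search over a segment tree whose nodes record the largest gap in their subtree, plus an O(log N) allocation that updates one root-to-leaf path. The gap list, the GapTree type and its method names are assumptions made for this example, and freeing or merging gaps is not modeled.

```go
package main

import "fmt"

// Gap is one free range [Start, End) of a virtual address space, kept in
// address order. The sample gaps in main() are constructed for this example.
type Gap struct{ Start, End uint64 }

// Size returns the number of free bytes in the gap.
func (g Gap) Size() uint64 { return g.End - g.Start }

// linearFirstFit is the O(N) baseline: scan every gap in address order and
// return the start of the first one that can hold size bytes.
func linearFirstFit(gaps []Gap, size uint64) (uint64, bool) {
	if size == 0 {
		return 0, false
	}
	for _, g := range gaps {
		if g.Size() >= size {
			return g.Start, true
		}
	}
	return 0, false
}

// GapTree is a segment tree over the gap list. Each internal node stores the
// largest gap size in its subtree, so a first-fit lookup descends a single
// root-to-leaf path (O(log N)) instead of scanning all N gaps.
type GapTree struct {
	n    int      // number of leaves (power of two >= len(gaps))
	gaps []Gap    // leaf i holds gaps[i]; unused leaves have size 0
	max  []uint64 // max[node] = largest Size() among leaves below node
}

// NewGapTree builds the tree in O(N) from gaps sorted by address.
func NewGapTree(gaps []Gap) *GapTree {
	n := 1
	for n < len(gaps) {
		n <<= 1
	}
	t := &GapTree{n: n, gaps: append([]Gap(nil), gaps...), max: make([]uint64, 2*n)}
	for i, g := range t.gaps {
		t.max[n+i] = g.Size()
	}
	for node := n - 1; node >= 1; node-- {
		t.max[node] = maxU64(t.max[2*node], t.max[2*node+1])
	}
	return t
}

func maxU64(a, b uint64) uint64 {
	if a > b {
		return a
	}
	return b
}

// findLeaf returns the tree index of the lowest-addressed leaf whose gap can
// hold size bytes. Because max[] is exact, preferring the left child whenever
// it fits yields the first fit, and the walk is O(log N).
func (t *GapTree) findLeaf(size uint64) (int, bool) {
	if size == 0 || t.max[1] < size {
		return 0, false
	}
	node := 1
	for node < t.n {
		if t.max[2*node] >= size {
			node = 2 * node
		} else {
			node = 2*node + 1
		}
	}
	return node, true
}

// FirstFit returns the start address of the first gap of at least size bytes.
func (t *GapTree) FirstFit(size uint64) (uint64, bool) {
	leaf, ok := t.findLeaf(size)
	if !ok {
		return 0, false
	}
	return t.gaps[leaf-t.n].Start, true
}

// Allocate carves size bytes from the front of the first fitting gap and
// repairs max[] along the one path back to the root: O(log N).
func (t *GapTree) Allocate(size uint64) (uint64, bool) {
	leaf, ok := t.findLeaf(size)
	if !ok {
		return 0, false
	}
	g := &t.gaps[leaf-t.n]
	addr := g.Start
	g.Start += size
	t.max[leaf] = g.Size()
	for node := leaf / 2; node >= 1; node /= 2 {
		t.max[node] = maxU64(t.max[2*node], t.max[2*node+1])
	}
	return addr, true
}

func main() {
	// Constructed sample: four free ranges in an otherwise mapped address space.
	gaps := []Gap{{0x1000, 0x3000}, {0x5000, 0x5800}, {0x8000, 0x20000}, {0x30000, 0x31000}}
	tree := NewGapTree(gaps)
	for _, size := range []uint64{0x800, 0x3000, 0x20000} {
		la, lok := linearFirstFit(gaps, size)
		ta, tok := tree.FirstFit(size)
		fmt.Printf("size %#x: linear=%#x,%v tree=%#x,%v\n", size, la, lok, ta, tok)
	}
	addr, ok := tree.Allocate(0x1000)
	fmt.Printf("allocated %#x (%v)\n", addr, ok)
}
```

Both searches return the same address for every request size; the tree only changes the cost of finding it. The segment tree keeps the leaves in address order, which is what makes "first fit" fall out of always trying the left child first.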